[Remote] Senior Product Security Engineer

Note: The job is a remote job and is open to candidates in USA. Collibra is seeking a Senior Product Security Engineer to join their high-impact Product Security team. The role involves identifying vulnerabilities and providing expert remediation consulting for global product development teams, ensuring the delivery of secure products and services.

Responsibilities

• Application security for products and/or features supported by your assigned development teams
• Performing security testing and triaging findings identified by SAST, SCA, IAST, DAST, and penetration tests
• Leverage AI and MCP to create intelligent, context-aware security guidance and automation
• Providing remediation consulting services to assigned development teams
• Assist with vulnerability management reporting and tracking
• Coordinating third-party penetration testing engagements, analyzing reports, and opening tickets for remediation
• Contribute to the configuration and management of security tools

Skills

• 5+ years of application/product security experience
• 2+ years of experience securing Java, Python, and/or JavaScript web applications
• Knowledge of enterprise-level software architecture components and cloud infrastructure
• Experience building trusted advisor relationships with engineers, product owners, and engineering management (up to director level)
• Experience with AI security tooling, context-aware automation for SSDLC
• Understanding of AI privacy and governance in developer workflows
• Experience using and building agentic AI systems that work collaboratively
• Experience advocating for the remediation of application security risk and, simultaneously, the associated development/engineering team(s)
• Experience in identifying vulnerabilities in source code, providing detailed steps to reproduce exploitation, and providing recommendations to engineering teams on how to remediate issues
• A bachelor's degree or equivalent related working experience is required
• This position is not eligible for visa sponsorship
• Because this role supports the US government, it is required that this candidate be a US citizen who resides on US soil
• Knowledgeable of CI/CD concepts and experience with integrated SAST, SCA, and DAST tooling
• Proficient at triaging application vulnerabilities associated with source code, open-source library dependencies, and 3rd party containers
• Able to assess and communicate the impact of Common Vulnerability Weaknesses (CVEs) on custom application software and advise on risk acceptance/deferment for false positive scenarios, severity adjustments, and acceptable reasoning for operational requirements
• Experienced in executing as a matrixed/embedded security resource (within a development team) responsible for product, application, or feature group vulnerability assessments, ensuring they are appropriately enumerated and executed
• Possess a working knowledge of Python, Java, and/or JavaScript software development languages
• Experienced in Linux and containerization in a cloud environment
• Experienced in communicating the impact of security vulnerabilities to engineering teams and product leaders
• Experienced in using SAST, DAST, and SCA tooling
• Experienced in being a point of contact for outside/3rd party security assessments (pen tests, questionnaires, etc.)
• Knowledgeable of vulnerability management concepts, challenges, and reporting
• Possess a working knowledge of the OWASP Top 10 and can explain its concepts to a diverse audience of engineers and people leaders
• Familiarity with AI standards and regulations, EU AI Act, SAIF and ISO 42001

Benefits

• Bonus potential
• Equity for eligible roles
• A Flex Fund monthly stipend
• Pension/401k plans
• Competitive total rewards package

Company Overview